SYM_JAVA_0046 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |
Description
The code creates SSL connections that allow outdated protocols like SSL v2, SSL v3, or TLS v1, which are no longer secure. These older protocols have known vulnerabilities and should be explicitly disabled in favor of TLS 1.2 or TLS 1.3.
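The following added example (not code from this wiki or from the rule itself) puts the flagged pattern beside a hardened form and includes a small audit helper that lists any enabled protocol outside TLS 1.2 and TLS 1.3. The class and method names are hypothetical, and it assumes Java 9 or later with the default JSSE provider.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

// Hypothetical class name; illustrates the rule's description only.
public class TlsProtocolHardening {
    // Versions the description names as acceptable, in preference order.
    private static final List<String> ALLOWED = List.of("TLSv1.3", "TLSv1.2");

    private static SSLEngine newEngine() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        return ctx.createSSLEngine();
    }

    // Flagged pattern: legacy versions are enabled by name.
    // setEnabledProtocols throws IllegalArgumentException if the runtime
    // does not support one of the names.
    static SSLEngine weakEngine() throws Exception {
        SSLEngine engine = newEngine();
        engine.setEnabledProtocols(new String[] {"SSLv3", "TLSv1", "TLSv1.2"});
        return engine;
    }

    // Hardened pattern: enable only allow-listed versions the runtime supports.
    static SSLEngine hardenedEngine() throws Exception {
        SSLEngine engine = newEngine();
        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        String[] enabled = ALLOWED.stream().filter(supported::contains).toArray(String[]::new);
        if (enabled.length == 0) {
            throw new IllegalStateException("runtime supports neither TLS 1.2 nor TLS 1.3");
        }
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(enabled);
        engine.setSSLParameters(params);
        return engine;
    }

    // Audit helper: enabled protocols that fall outside the allow-list.
    static List<String> legacyProtocols(SSLEngine engine) {
        return Arrays.stream(engine.getEnabledProtocols())
                .filter(p -> !ALLOWED.contains(p)).collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        System.out.println("weak:     " + legacyProtocols(weakEngine()));
        System.out.println("hardened: " + legacyProtocols(hardenedEngine()));
    }
}
```

The same `SSLParameters.setProtocols` call applies to `SSLSocket` and `SSLServerSocket`, so the audit helper can be adapted to check sockets before they are connected or bound.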
Impact
If exploited, attackers could intercept or tamper with sensitive data in transit, perform man-in-the-middle attacks, or decrypt confidential information. This can lead to data breaches, loss of user trust, and regulatory compliance issues.